Compare commits
21 Commits
OpenSSL_FI
...
OpenSSL_0_
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
d26d236162 | ||
|
|
3dcd6cf004 | ||
|
|
daaca57e55 | ||
|
|
309d74c8f0 | ||
|
|
234f2f67ac | ||
|
|
d4e81773cc | ||
|
|
d366bf7948 | ||
|
|
6c9cd652f7 | ||
|
|
dd4263d906 | ||
|
|
f4e43726a8 | ||
|
|
6fa6e3e2df | ||
|
|
fcdf1d3fc7 | ||
|
|
e0fe7abeec | ||
|
|
e8518f847e | ||
|
|
8299069b8e | ||
|
|
5dc96f40ce | ||
|
|
7775bf5564 | ||
|
|
a0a82def50 | ||
|
|
9a2c519d4b | ||
|
|
f3fc016c08 | ||
|
|
8d6e32a07c |
9
CHANGES
9
CHANGES
@@ -2,7 +2,14 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.7i and 0.9.7j [XX xxx XXXX]
|
||||
Changes between 0.9.7i and 0.9.7j [04 May 2006]
|
||||
|
||||
*) Adapt fipsld and the build system to link against the validated FIPS
|
||||
module in FIPS mode.
|
||||
[Steve Henson]
|
||||
|
||||
*) Fixes for VC++ 2005 build under Windows.
|
||||
[Steve Henson]
|
||||
|
||||
*) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
|
||||
from a Windows bash shell such as MSYS. It is autodetected from the
|
||||
|
||||
33
Configure
33
Configure
@@ -563,7 +563,7 @@ my %table=(
|
||||
##### MacOS X (a.k.a. Rhapsody or Darwin) setup
|
||||
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
|
||||
"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/osx_ppc32.o:::::::::dlfcn:darwin-shared:-fPIC -fno-common::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
|
||||
"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
|
||||
"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
|
||||
|
||||
##### A/UX
|
||||
"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
|
||||
@@ -621,6 +621,8 @@ my $prefix="";
|
||||
my $openssldir="";
|
||||
my $exe_ext="";
|
||||
my $install_prefix="";
|
||||
my $fipslibdir="/usr/local/ssl/lib";
|
||||
my $baseaddr="0xFB00000";
|
||||
my $no_threads=0;
|
||||
my $no_shared=1;
|
||||
my $zlib=0;
|
||||
@@ -806,7 +808,7 @@ PROCESS_ARGS:
|
||||
{
|
||||
while (<IN>)
|
||||
{
|
||||
chop;
|
||||
chomp;
|
||||
if (/^CONFIGURE_ARGS=(.*)/)
|
||||
{
|
||||
$argvstring=$1;
|
||||
@@ -869,6 +871,14 @@ PROCESS_ARGS:
|
||||
{
|
||||
$withargs{"zlib-lib"}=$1;
|
||||
}
|
||||
elsif (/^--with-fipslibdir=(.*)$/)
|
||||
{
|
||||
$fipslibdir="$1";
|
||||
}
|
||||
elsif (/^--with-baseaddr=(.*)$/)
|
||||
{
|
||||
$baseaddr="$1";
|
||||
}
|
||||
elsif (/^--with-zlib-include=(.*)$/)
|
||||
{
|
||||
$withargs{"zlib-include"}="-I$1";
|
||||
@@ -972,6 +982,21 @@ chop $prefix if $prefix =~ /\/$/;
|
||||
$openssldir=$prefix . "/ssl" if $openssldir eq "";
|
||||
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
|
||||
|
||||
if ($fips && ! -f "$fipslibdir/fipscanister.o")
|
||||
{
|
||||
my $fipswinerr = "";
|
||||
$fipswinerr = <<EOF if $IsWindows;
|
||||
Ensure that the correct path to the FIPS module directory
|
||||
has been given to the --with-fipslibdir option.
|
||||
EOF
|
||||
print STDERR <<EOF;
|
||||
The file fipscanister.o could not be located. Please build and install the
|
||||
FIPS module using the instructions in the user guide before compiling OpenSSL
|
||||
in FIPS mode.$fipswinerr
|
||||
EOF
|
||||
exit 1;
|
||||
}
|
||||
|
||||
|
||||
print "IsWindows=$IsWindows\n";
|
||||
|
||||
@@ -1270,7 +1295,7 @@ print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
|
||||
my $sdirs=0;
|
||||
while (<IN>)
|
||||
{
|
||||
chop;
|
||||
chomp;
|
||||
$sdirs = 1 if /^SDIRS=/;
|
||||
if ($sdirs) {
|
||||
my $dir;
|
||||
@@ -1318,6 +1343,8 @@ while (<IN>)
|
||||
s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
|
||||
s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
|
||||
s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
|
||||
s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
|
||||
s/^BASEADDR=.*/BASEADDR=$baseaddr/;
|
||||
s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
|
||||
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
|
||||
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
|
||||
|
||||
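Review bot: The value of `--with-fipslibdir` is taken verbatim with `(.*)` and is only tested once, from the top-level directory, by `-f "$fipslibdir/fipscanister.o"`. Makefile.org in this commit hands `FIPSLIBDIR` to sub-makes that run after `cd $$i`, so a relative path that passes the Configure test would point somewhere else during the build. The pattern already used for `$openssldir` can reject that case: `die "--with-fipslibdir must be an absolute path\n" if $fips && $fipslibdir !~ /(^\/|^[a-zA-Z]:[\\\/])/;`. `--with-baseaddr` is likewise written into the Makefile unchecked, and a test such as `$baseaddr =~ /^0x[0-9a-fA-F]+$/` would catch typos early. The PROCESS_ARGS block starts and ends outside these hunks.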
2
FAQ
2
FAQ
@@ -70,7 +70,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.7i was released on October 14, 2005.
|
||||
OpenSSL 0.9.7j was released on May 4, 2006.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
|
||||
16
Makefile.org
16
Makefile.org
@@ -176,6 +176,20 @@ LIBKRB5=
|
||||
ZLIB_INCLUDE=
|
||||
LIBZLIB=
|
||||
|
||||
# This is the location of fipscanister.o and friends.
|
||||
# The FIPS module build will place it $(INSTALLTOP)/lib
|
||||
# but since $(INSTALLTOP) can only take the default value
|
||||
# when the module is built it will be in /usr/local/ssl/lib
|
||||
# $(INSTALLTOP) for this build make be different so hard
|
||||
# code the path.
|
||||
|
||||
FIPSLIBDIR=/usr/local/ssl/lib
|
||||
|
||||
# Shared library base address. Currently only used on Windows.
|
||||
#
|
||||
|
||||
BASEADDR=
|
||||
|
||||
# When we're prepared to use shared libraries in the programs we link here
|
||||
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
|
||||
SHLIB_MARK=
|
||||
@@ -234,7 +248,7 @@ sub_all:
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making all in $$i..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' FIPSLIBDIR='${FIPSLIBDIR}' all ) || exit 1; \
|
||||
else \
|
||||
$(MAKE) $$i; \
|
||||
fi; \
|
||||
|
||||
2
README
2
README
@@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 0.9.7j-dev XX xxx XXXX
|
||||
OpenSSL 0.9.7j 04 May 2006
|
||||
|
||||
Copyright (c) 1998-2005 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
||||
4
STATUS
4
STATUS
@@ -1,12 +1,14 @@
|
||||
|
||||
OpenSSL STATUS Last modified at
|
||||
______________ $Date: 2005/10/14 22:15:44 $
|
||||
______________ $Date: 2006/05/04 12:52:57 $
|
||||
|
||||
DEVELOPMENT STATE
|
||||
|
||||
o OpenSSL 0.9.9: Under development...
|
||||
o OpenSSL 0.9.8b: Released on May 4th, 2006
|
||||
o OpenSSL 0.9.8a: Released on October 11th, 2005
|
||||
o OpenSSL 0.9.8: Released on July 5th, 2005
|
||||
o OpenSSL 0.9.7j: Released on May 4th, 2006
|
||||
o OpenSSL 0.9.7i: Released on October 14th, 2005
|
||||
o OpenSSL 0.9.7h: Released on October 11th, 2005
|
||||
o OpenSSL 0.9.7g: Released on April 11th, 2005
|
||||
|
||||
2
TABLE
2
TABLE
@@ -1402,7 +1402,7 @@ $arflags =
|
||||
|
||||
*** darwin-i386-cc
|
||||
$cc = cc
|
||||
$cflags = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
|
||||
$cflags = -O3 -fomit-frame-pointer -fno-common
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id = MACOSX
|
||||
|
||||
2
config
2
config
@@ -427,7 +427,7 @@ if [ "$GCCVER" != "" ]; then
|
||||
CC=gcc
|
||||
# then strip off whatever prefix egcs prepends the number with...
|
||||
# Hopefully, this will work for any future prefixes as well.
|
||||
GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
|
||||
GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
|
||||
# Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion
|
||||
# does give us what we want though, so we use that. We just just the
|
||||
# major and minor version numbers.
|
||||
|
||||
@@ -213,8 +213,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
|
||||
ret=BN_bn2bin(tmp,key);
|
||||
err:
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
if (ctx != NULL)
|
||||
{
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
return(ret);
|
||||
}
|
||||
|
||||
|
||||
@@ -88,6 +88,13 @@
|
||||
* be used for all exponents.
|
||||
*/
|
||||
|
||||
/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
|
||||
* it is then the applications responsibility to ensure the external method
|
||||
* is compliant.
|
||||
*/
|
||||
|
||||
#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04
|
||||
|
||||
#if defined(OPENSSL_FIPS)
|
||||
#define FIPS_DSA_SIZE_T int
|
||||
#endif
|
||||
|
||||
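Review bot: The comment on `DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW` does not say which checks the flag switches off. Going by the other files in this commit, a DSA object with this bit set in `dsa->flags` makes `DSA_do_sign`, `DSA_sign_setup` and `DSA_do_verify` skip `FIPS_dsa_check` in FIPS mode; the comment should name those three entry points and say that the flag is per object. "applications responsibility" should read "application's responsibility". Whether 0x04 is free among the other DSA_FLAG_ values cannot be seen from this hunk.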
@@ -72,7 +72,8 @@
|
||||
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
if(FIPS_mode() && !FIPS_dsa_check(dsa))
|
||||
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
|
||||
&& !FIPS_dsa_check(dsa))
|
||||
return NULL;
|
||||
#endif
|
||||
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
|
||||
@@ -96,7 +97,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
|
||||
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
|
||||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
if(FIPS_mode() && !FIPS_dsa_check(dsa))
|
||||
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
|
||||
&& !FIPS_dsa_check(dsa))
|
||||
return 0;
|
||||
#endif
|
||||
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
|
||||
|
||||
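Review bot: The three-part condition `FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW) && !FIPS_dsa_check(dsa)` is now written out in `DSA_do_sign`, in `DSA_sign_setup` and again in `DSA_do_verify` in the next file. Because it decides when the FIPS method check is skipped, it would be safer to define it once in a single static helper or macro, so a later change cannot leave one entry point behind. Each site should at least carry a comment such as `/* external method explicitly allowed by the application: FIPS_dsa_check is skipped */`. All three function bodies extend beyond the lines shown.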
@@ -74,7 +74,8 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
|
||||
DSA *dsa)
|
||||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
if(FIPS_mode() && !FIPS_dsa_check(dsa))
|
||||
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
|
||||
&& !FIPS_dsa_check(dsa))
|
||||
return -1;
|
||||
#endif
|
||||
return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
|
||||
|
||||
@@ -27,7 +27,7 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c
|
||||
L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c
|
||||
L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
|
||||
L UI crypto/ui/ui.h crypto/ui/ui_err.c
|
||||
L FIPS fips/fips.h fips/fips_err.h
|
||||
L FIPS fips-1.0/fips.h fips-1.0/fips_err.h
|
||||
|
||||
# additional header files to be scanned for function names
|
||||
L NONE crypto/x509/x509_vfy.h NONE
|
||||
|
||||
@@ -126,7 +126,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
|
||||
EVP_MD_CTX_init(&c);
|
||||
for (;;)
|
||||
{
|
||||
EVP_DigestInit_ex(&c,md, NULL);
|
||||
if (!EVP_DigestInit_ex(&c,md, NULL))
|
||||
return 0;
|
||||
if (addmd++)
|
||||
EVP_DigestUpdate(&c,&(md_buf[0]),mds);
|
||||
EVP_DigestUpdate(&c,data,datal);
|
||||
|
||||
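Review bot: The added `return 0` after a failed `EVP_DigestInit_ex` leaves the loop directly, although `c` was set up by `EVP_MD_CTX_init(&c)` just above, and from the second pass on `md_buf` already holds digest output used as key material. The end of `EVP_BytesToKey` is outside the hunk, so this is inferred, but if the function releases the context and scrubs `md_buf` on its normal exit, the failure case should go through the same cleanup, or at least call `EVP_MD_CTX_cleanup(&c)` before returning. The `EVP_DigestUpdate` calls that follow are still unchecked, so a digest that fails later still produces a key.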
@@ -194,11 +194,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
||||
|
||||
/* Now decode key derivation function */
|
||||
|
||||
if(!pbe2->keyfunc->parameter ||
|
||||
(pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
|
||||
{
|
||||
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
pbuf = pbe2->keyfunc->parameter->value.sequence->data;
|
||||
plen = pbe2->keyfunc->parameter->value.sequence->length;
|
||||
if(!pbe2->keyfunc->parameter ||
|
||||
(pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
|
||||
!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
|
||||
if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
|
||||
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -25,11 +25,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090709fL
|
||||
#define OPENSSL_VERSION_NUMBER 0x009070afL
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j-fips-dev XX xxx XXXX"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j-fips 04 May 2006"
|
||||
#else
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j-dev XX xxx XXXX"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j 04 May 2006"
|
||||
#endif
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@@ -76,7 +76,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
|
||||
unsigned int keyidlen;
|
||||
|
||||
/* Set defaults */
|
||||
if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
|
||||
if(!nid_cert)
|
||||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
if (FIPS_mode())
|
||||
nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
else
|
||||
#endif
|
||||
nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
|
||||
}
|
||||
if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
if(!iter) iter = PKCS12_DEFAULT_ITER;
|
||||
if(!mac_iter) mac_iter = 1;
|
||||
|
||||
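Review bot: The new default block in `PKCS12_create` puts an `else` inside `#ifdef OPENSSL_FIPS` while the statement it governs sits after the `#endif`, which is easy to break on a later edit. A comment above it would make the intent clear, for example `/* FIPS mode: default the certificate bag to 3DES too; RC2-40 stays the default otherwise */`. Outside FIPS mode the certificate default is still `NID_pbe_WithSHA1And40BitRC2_CBC`, so callers wanting stronger protection must pass `nid_cert` themselves, which the comment could also state. The function continues outside the hunk.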
@@ -102,10 +102,10 @@ OPENSSL_DECLARE_EXIT
|
||||
#ifndef HZ
|
||||
#ifndef CLK_TCK
|
||||
#define HZ 100.0
|
||||
#endif
|
||||
#else /* CLK_TCK */
|
||||
#else /* CLK_TCK */
|
||||
#define HZ ((double)CLK_TCK)
|
||||
#endif
|
||||
#endif /* CLK_TCK */
|
||||
#endif /* HZ */
|
||||
|
||||
#define BUFSIZE ((long)1024)
|
||||
long run=0;
|
||||
|
||||
@@ -184,7 +184,8 @@ err:
|
||||
RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
|
||||
ok=0;
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
BN_CTX_free(ctx2);
|
||||
|
||||
|
||||
@@ -55,7 +55,8 @@ all:
|
||||
fi
|
||||
|
||||
check:
|
||||
$(PERL) ../util/checkhash.pl || (rm fipscanister.o* 2>/dev/null; exit 1)
|
||||
# $(PERL) ../util/checkhash.pl || (rm fipscanister.o* 2>/dev/null; exit 1)
|
||||
echo FIPS module not built: no check done
|
||||
|
||||
# Idea behind fipscanister.o is to "seize" the sequestered code between
|
||||
# known symbols for fingerprinting purposes, which would be commonly
|
||||
@@ -71,6 +72,7 @@ check:
|
||||
# flag and simply assume that all objects are of the same type as first
|
||||
# one in command line. So the idea is to identify gcc and deficient
|
||||
# vendor compiler drivers...
|
||||
|
||||
fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
|
||||
@objs="fips_start.o $(LIBOBJ)"; \
|
||||
for i in $(FIPS_OBJ_LISTS); do \
|
||||
@@ -87,6 +89,7 @@ fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
|
||||
*) set -x; $(CC) $(CFLAGS) -r -o $@ $$objs ;; \
|
||||
esac fi
|
||||
sha/fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1
|
||||
|
||||
# If another exception is immediately required, assign approprite
|
||||
# site-specific ld command to FIPS_SITE_LD environment variable.
|
||||
|
||||
@@ -128,8 +131,8 @@ links:
|
||||
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
|
||||
done;
|
||||
|
||||
lib: fipscanister.o
|
||||
$(AR) $(LIB) fipscanister.o
|
||||
lib: $(FIPSLIBDIR)/fipscanister.o
|
||||
$(AR) $(LIB) $(FIPSLIBDIR)/fipscanister.o
|
||||
$(RANLIB) $(LIB) || echo Never mind.
|
||||
@touch lib
|
||||
|
||||
|
||||
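Review bot: With the `checkhash.pl` line commented out, the `check` target only echoes a message and succeeds, so anything that relied on `make check` failing on a hash mismatch now passes unconditionally. If the intent is that the prebuilt module is verified elsewhere, the rule should say so, for example `# No source hash check here: the module is taken prebuilt from $(FIPSLIBDIR) and compared with its .sha1 by fipsld at link time.` The `lib` rule now archives `$(FIPSLIBDIR)/fipscanister.o` without looking at `fipscanister.o.sha1`. Adding that file as a prerequisite would at least make a missing digest stop the build.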
@@ -1169,7 +1169,7 @@ $! Save directory information
|
||||
$!
|
||||
$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
|
||||
$ __HERE = F$EDIT(__HERE,"UPCASE")
|
||||
$ __TOP = __HERE - "FIPS]"
|
||||
$ __TOP = __HERE - "FIPS-1_0]"
|
||||
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
|
||||
$!
|
||||
$! Set up the logical name OPENSSL to point at the include directory
|
||||
|
||||
@@ -10,6 +10,8 @@
|
||||
# command line syntax and $FIPSLD_CC or $CC environment variable set
|
||||
# and can even be used to compile source files.
|
||||
|
||||
#set -x
|
||||
|
||||
CC=${FIPSLD_CC:-${CC}}
|
||||
[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }
|
||||
|
||||
@@ -30,6 +32,14 @@ TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
|
||||
|
||||
THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
|
||||
|
||||
# Location of installed validated FIPS module
|
||||
FIPSLIBDIR=${FIPSLIBDIR:-/usr/local/ssl/lib}
|
||||
# If this is a build from a validated tarball use this instead
|
||||
# FIPSLIBDIR=${THERE}/fips-1.0
|
||||
|
||||
[ -f "${FIPSLIBDIR}/fipscanister.o" ] ||
|
||||
{ echo "fipscanister.o not found"; exit 1; }
|
||||
|
||||
HMAC_KEY="etaonrishdlcupfm"
|
||||
|
||||
case "`(uname -s) 2>/dev/null`" in
|
||||
@@ -50,8 +60,10 @@ case "${TARGET}" in
|
||||
# Shared lib creation can be taking place in the source
|
||||
# directory only!!!
|
||||
FINGERTYPE="${THERE}/fips-1.0/sha/fips_standalone_sha1"
|
||||
CANISTER_O="${THERE}/fips-1.0/fipscanister.o"
|
||||
PREMAIN_C="${THERE}/fips-1.0/fips_premain.c"
|
||||
CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
|
||||
PREMAIN_C="${FIPSLIBDIR}/fips_premain.c"
|
||||
|
||||
echo Canister: $CANISTER_O
|
||||
|
||||
# verify fipscanister.o against its detached signature...
|
||||
${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
|
||||
@@ -96,16 +108,15 @@ case "${TARGET}" in
|
||||
# directory or off the installed binary target destination.
|
||||
if [ -x "${THERE}/fips-1.0/sha/fips_standalone_sha1" ]; then
|
||||
FINGERTYPE="${THERE}/fips-1.0/sha/fips_standalone_sha1"
|
||||
CANISTER_O="${THERE}/fips-1.0/fipscanister.o"
|
||||
PREMAIN_C="${THERE}/fips-1.0/fips_premain.c"
|
||||
else # Installed tree is expected to contain
|
||||
# lib/fipscanister.o, lib/fipscanister.o.sha1 and
|
||||
# lib/fips_premain.c [not to mention bin/openssl].
|
||||
FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
|
||||
CANISTER_O="${THERE}/lib/fipscanister.o"
|
||||
PREMAIN_C="${THERE}/lib/fips_premain.c"
|
||||
fi
|
||||
|
||||
CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
|
||||
PREMAIN_C="${FIPSLIBDIR}/fips_premain.c"
|
||||
|
||||
# verify fipscanister.o against its detached signature...
|
||||
${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
|
||||
diff -w "${CANISTER_O}.sha1" - || \
|
||||
|
||||
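Review bot: The new existence test covers only `${FIPSLIBDIR}/fipscanister.o`, yet both case branches go on to read `${CANISTER_O}.sha1` and `${FIPSLIBDIR}/fips_premain.c` from the same directory. A partial install therefore fails later with a less clear error, which a test such as `[ -f "${FIPSLIBDIR}/fipscanister.o.sha1" -a -f "${FIPSLIBDIR}/fips_premain.c" ] || { echo "FIPS module files missing in ${FIPSLIBDIR}"; exit 1; }` would avoid. `FIPSLIBDIR` comes from the environment and the digest is stored beside the object it covers, so the `diff` detects corruption but not a replaced pair. A comment that the directory must be writable only by the administrator would record that assumption. The `echo Canister: $CANISTER_O` line looks like leftover debug output and leaves the variable unquoted.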
10
makevms.com
10
makevms.com
@@ -480,7 +480,7 @@ $!
|
||||
$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h
|
||||
$ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
|
||||
$!
|
||||
$! Copy All The ".H" Files From The [.FIPS] Directories.
|
||||
$! Copy All The ".H" Files From The [.FIPS-1_0] Directories.
|
||||
$!
|
||||
$ FDIRS := ,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC
|
||||
$ EXHEADER_ := fips.h
|
||||
@@ -502,9 +502,9 @@ $ tmp = EXHEADER_'D'
|
||||
$ IF tmp .EQS. "" THEN GOTO LOOP_FDIRS
|
||||
$ IF D .EQS. ""
|
||||
$ THEN
|
||||
$ COPY [.FIPS]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
|
||||
$ COPY [.FIPS-1_0]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
|
||||
$ ELSE
|
||||
$ COPY [.FIPS.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
|
||||
$ COPY [.FIPS-1_0.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
|
||||
$ ENDIF
|
||||
$ GOTO LOOP_FDIRS
|
||||
$ LOOP_FDIRS_END:
|
||||
@@ -538,9 +538,9 @@ $! Go Back To The Main Directory.
|
||||
$!
|
||||
$ SET DEFAULT [-]
|
||||
$!
|
||||
$! Go To The [.FIPS] Directory.
|
||||
$! Go To The [.FIPS-1_0] Directory.
|
||||
$!
|
||||
$ SET DEFAULT SYS$DISK:[.FIPS]
|
||||
$ SET DEFAULT SYS$DISK:[.FIPS-1_0]
|
||||
$!
|
||||
$! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
|
||||
$!
|
||||
|
||||
@@ -732,15 +732,23 @@ fips_shatest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
|
||||
fips_shatest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
|
||||
fips_shatest.o: fips_shatest.c
|
||||
fips_test_suite.o: ../include/openssl/aes.h ../include/openssl/asn1.h
|
||||
fips_test_suite.o: ../include/openssl/bio.h ../include/openssl/bn.h
|
||||
fips_test_suite.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
|
||||
fips_test_suite.o: ../include/openssl/bn.h ../include/openssl/cast.h
|
||||
fips_test_suite.o: ../include/openssl/crypto.h ../include/openssl/des.h
|
||||
fips_test_suite.o: ../include/openssl/des_old.h ../include/openssl/dh.h
|
||||
fips_test_suite.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
|
||||
fips_test_suite.o: ../include/openssl/err.h ../include/openssl/fips.h
|
||||
fips_test_suite.o: ../include/openssl/lhash.h ../include/openssl/md5.h
|
||||
fips_test_suite.o: ../include/openssl/err.h ../include/openssl/evp.h
|
||||
fips_test_suite.o: ../include/openssl/fips.h ../include/openssl/fips_sha.h
|
||||
fips_test_suite.o: ../include/openssl/hmac.h ../include/openssl/idea.h
|
||||
fips_test_suite.o: ../include/openssl/lhash.h ../include/openssl/md2.h
|
||||
fips_test_suite.o: ../include/openssl/md4.h ../include/openssl/md5.h
|
||||
fips_test_suite.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
|
||||
fips_test_suite.o: ../include/openssl/objects.h
|
||||
fips_test_suite.o: ../include/openssl/opensslconf.h
|
||||
fips_test_suite.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
|
||||
fips_test_suite.o: ../include/openssl/rand.h ../include/openssl/rsa.h
|
||||
fips_test_suite.o: ../include/openssl/rand.h ../include/openssl/rc2.h
|
||||
fips_test_suite.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
|
||||
fips_test_suite.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
|
||||
fips_test_suite.o: ../include/openssl/safestack.h ../include/openssl/sha.h
|
||||
fips_test_suite.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||
fips_test_suite.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
|
||||
|
||||
@@ -19,6 +19,7 @@ my $fips_premain_c_path = "";
|
||||
my $fips_sha1_exe_path = "";
|
||||
|
||||
my $fipslibdir = "";
|
||||
my $baseaddr = "";
|
||||
|
||||
my $ex_l_libs = "";
|
||||
|
||||
@@ -359,6 +360,12 @@ for (;;)
|
||||
if ($key eq "LIBOBJ")
|
||||
{ $libobj=&var_add($dir,$val); }
|
||||
|
||||
if ($key eq "FIPSLIBDIR")
|
||||
{ $fipslibdir=$val;}
|
||||
|
||||
if ($key eq "BASEADDR")
|
||||
{ $baseaddr=$val;}
|
||||
|
||||
if (!($_=<IN>))
|
||||
{ $_="RELATIVE_DIRECTORY=FINISHED\n"; }
|
||||
}
|
||||
@@ -401,7 +408,7 @@ if ($fips)
|
||||
$ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
|
||||
$ex_l_libs .= " \$(O_FIPSCANISTER)";
|
||||
}
|
||||
if ($fipslibpath eq "")
|
||||
if ($fipslibdir eq "")
|
||||
{
|
||||
open (IN, "util/fipslib_path.txt") || fipslib_error();
|
||||
$fipslibdir = <IN>;
|
||||
@@ -511,6 +518,7 @@ MKCANISTER=$mkcanister
|
||||
E_PREMAIN_DSO=fips_premain_dso
|
||||
|
||||
FIPSLIB_D=$fipslibdir
|
||||
BASEADDR=$baseaddr
|
||||
FIPS_PREMAIN_SRC=$fips_premain_c_path
|
||||
O_FIPSCANISTER=$fips_canister_path
|
||||
FIPS_SHA1_EXE=$fips_sha1_exe_path
|
||||
@@ -780,7 +788,7 @@ if ($fips)
|
||||
$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
|
||||
"\$(O_CRYPTO)",
|
||||
"$crypto",
|
||||
$shlib, "\$(SO_CRYPTO)", "0xFB00000");
|
||||
$shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
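Review bot: `$baseaddr` starts as an empty string and is only set when the parsed makefile has a `BASEADDR` key, while the `do_lib_rule` call now passes `\$(BASEADDR)` where it used to pass the literal `0xFB00000`. Makefile.org ships `BASEADDR=` empty, so if this script is ever run on a makefile that Configure has not filled in, the emitted `BASEADDR=` line is empty. A fallback before the makefile text is written keeps the old behaviour: `$baseaddr = "0xFB00000" if $baseaddr eq "";`. How `do_lib_rule` uses the argument is outside these hunks.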
@@ -135,7 +135,7 @@ sub do_lib_rule
|
||||
# $ret.="\t\$(RM) \$(O_$Name)\n";
|
||||
$ret.="$target: $objs\n";
|
||||
$ex =' advapi32.lib';
|
||||
$ex.=" ms${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
|
||||
$ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
|
||||
$ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
|
||||
}
|
||||
else
|
||||
@@ -145,7 +145,7 @@ sub do_lib_rule
|
||||
$ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
|
||||
if ($fips && $target =~ /O_CRYPTO/)
|
||||
{
|
||||
$ex.=" ms${o}_chkstk.o";
|
||||
$ex.=" \$(FIPSLIB_D)${o}_chkstk.o";
|
||||
$ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n";
|
||||
$ret.="\tSET FIPS_LINK=\$(LINK)\n";
|
||||
$ret.="\tSET FIPS_CC=\$(CC)\n";
|
||||
@@ -178,7 +178,7 @@ sub do_link_rule
|
||||
if ($standalone)
|
||||
{
|
||||
$ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
|
||||
$ret.="ms/_chkstk.o " if ($files =~ /O_FIPSCANISTER/);
|
||||
$ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/);
|
||||
$ret.="$files $libs\n<<\n";
|
||||
}
|
||||
elsif ($fips && !$shlib)
|
||||
|
||||